An IT Networking Informational Spot

Category Archives: Certifications

IT security professionals are on the front lines against web threats. A web threat is anything on the Internet that facilitates cybercrimes, including computer viruses, denial-of-service attacks and malware that target computer networks and devices. Other cybercrimes include cyber stalking, fraud and identity theft, information warfare, and phishing scams, all of which use computer networks and devices to facilitate other crimes. Financial damages, identity theft, loss of confidential information or data, damage to a company’s brand or a person’s reputation, and declining consumer confidence are just some of the risks posed by Web threats.

Web Threats Are Serious Threats

Every individual on every desktop and mobile computing device connected to the Internet is vulnerable to Web threats. Organizations worldwide are more dependent than ever on conducting business through the Internet. That dependence, combined with ever-changing Web threats, means most organizations are at risk every day of losing data, productivity and revenue. The increasing need for protection against the losses caused by Web threats is driving the growth of information systems (IS) security jobs.

Web threats often enter networks without the user's knowledge, for instance from a compromised website, or are triggered by clicking on a hyperlink or executable file attachment in a spam email. Once in a system, self-propagating threats such as worms scan for and infect further machines, and their authors release new variants to stay ahead of signature-based detection, so a single infection can spread across the Web to many more machines and perform more malicious activities.

Fighting Back Against Cyber Threats With IT Security

IT professionals specializing in IS security work need to stay up-to-date on cyber threats. Typically, they manage known threats from known sources through URL filtering and content inspection solutions. These require frequent updates, but are generally effective. It has become clear in recent years that multi-layered protection is necessary to fully protect consumers and businesses from web threats.

The “layers” referred to include the cloud, the Internet gateway, network servers and individual computers. The multi-layer approach integrates antivirus, anti-phishing, anti-spyware and anti-spam protection with website analysis using multiple techniques, such as source reputation and content clearing.

Top 10 Web Threats

Web threats are more damaging and extensive than ever. Nearly any website can either host malware or send the user to one that does. And infections are more likely to result from a visit to a legitimate website that has been compromised with spyware than from a phony site set up specifically to spread malware.

Last year, IT security firm Symantec released a list of history’s 10 most notorious Web threats:

I Love You (2000): This worm used a friendly phrase to entice users to open it. Ultimately, the Pentagon, CIA and British Parliament’s email systems were shut down in an effort to fight it.
Conficker (2009): Conficker allows its creators to remotely install software on infected machines. Later, it could possibly be used to create a botnet that can be rented out to criminals seeking to steal identities and direct users to online scams and phishing sites.
Melissa (1999): Named for the exotic dancer its creator was obsessed with, this virus kicked off a long period of high-profile threats between 1999 and 2005.
Slammer (2003): A fast-moving, aggressive worm, Slammer brought much of the Internet down in January, 2003.
Nimda (2001): This mass-mailing worm uses multiple methods to spread itself and became the Internet’s most widespread worm in 22 minutes. Its name is “admin” in reverse.
Code Red (2001): Websites with the Code Red worm were defaced by the phrase “Hacked By Chinese!”
Blaster (2003): The Blaster worm launched a denial of service attack against Microsoft’s Windows Update website.
Sasser (2004): Capable of spreading without user intervention, Sasser caused Delta Airlines to cancel some of its flights.
Storm (2007): Spread by spam email to Windows machines rather than aimed at Microsoft itself, Storm built one of the largest botnets of its day; a single infected machine was observed sending almost 1,800 emails in a five-minute period.
Morris (1988): The first major Internet worm and the ancestor of those that followed, Morris remains famous; it was created innocently, in an attempt to gauge the size of the Internet.

Top Trends in Cyber Threats

Hackers and cyber thieves are continuously launching new Web threats – often tied to newsworthy events:
In December, 2010, supporters of the website WikiLeaks protested against MasterCard and Swiss bank PostFinance’s disruption of funding to the site by attacking their websites. The hackers, dubbed Anon_Operation, said they had brought down mastercard.com with denial of service attacks.
In June, 2010, spammers and scammers took advantage of national interest in the FIFA World Cup in South Africa to release spam, scams, advance-fee “419” fraud and malware attacks.
The average rate for malware in email traffic in 2010 was one in 284.2 emails, according to Symantec's MessageLabs Intelligence 2010 Annual Security Report. There was a substantial increase in the number of different malware strains blocked, due largely to the growth in polymorphic malware variants, which allow a new version of the code to be generated quickly and easily, according to the report.
Two of the greatest challenges for IT security professionals are protecting an increasingly mobile workforce and the business world’s skyrocketing use of social media tools – which cyber criminals have recognized as a new means to conduct illegal activity and inflict harm.
Increasing broadband availability, combined with more users without computer security awareness gaining Internet access, is leading to high rates of malware infection in additional areas like East Africa.
Symantec predicts that in 2011, botnet controllers will begin hiding commands in plain view – within images or music files shared through file sharing or social networking sites.

IS Security Job Descriptions

The new and unknown Web threats designed to evade traditional defenses and avoid detection keep IS security professionals on their toes. Their main responsibility is to analyze systems to prevent security breaches, loss of revenue and harm to brands, and to protect confidential data.

Overview of IT Security Careers

IS security jobs can be found in organizations in the private, public and government sectors, worldwide. Employers need the skills and knowledge that experienced professionals bring. With advanced training and industry certification, you can pursue a career as an IS security engineer, IT security consultant or IS security manager. Additional experience and training can lead to executive IT security jobs like chief IT officer, director of information technology, senior IS security analyst, chief IS security officer, and IS security director.

IT security professionals are responsible for creating different methods to protect an organization against spyware and malware, while keeping Internet bandwidth available for business needs. They must also guard against employees’ improper Internet use, like visiting infected websites, and prevent loss of confidential information and data.

Different levels of responsibility come with different positions on the IS security career path. In mid-level positions like IS security engineer and IS security manager, job descriptions typically include duties like performing security design reviews, code audits and black box testing. They may also develop product specifications, plans, schedules and other written documents. Higher-level executives such as chief technology officers, IS security directors and chief information officers lead an organization's IS security strategy, planning and supervisory activities, and direct an information systems security or information technology department.

IT Security Potential Salary

The U.S. Bureau of Labor Statistics (BLS) data from May, 2009 indicate computer and information systems managers earned average salaries of $120,640. Those in the 75th percentile earned around $143,590 per year, while the top 10% earned upwards of $166,400 annually.

Salary.com and PayScale.com records for December 2010 showed that IT and IS security managers, directors and executives had an annual base income in the following ranges:

IT and finance professionals, project managers and business professionals from a variety of backgrounds are affected by web threats. Those interested in pursuing a career in IS security should consider acquiring the in-demand information security skills and certification that today’s top employers require.

Landing an IS security job typically requires at least a bachelor’s degree, specialized IS security training and recognized credentials such as the Certified Information Systems Security Professional (CISSP ®) or Systems Security Certified Practitioner (SSCP®) certification through (ISC)2® or CompTIA (Computing Technology Industry Association) Security+™ certification. To develop these critical skills and prepare for certification exams, many professionals enroll in continuing professional education – such as the Master Certificate in Information Security programs offered 100% online by Villanova University.

Determining Broadcast Addresses And Valid IP Address Ranges For A Given Subnet

No matter the format, you can use your knowledge of binary math to solve this question. You will convert the subnet address into binary, and determine the range of valid addresses as well as the broadcast address at the same time. Let’s examine how to best answer the “range of valid IP address” question first, and then you’ll see how to quickly determine the broadcast address as well.

The question: “What is the range of valid IP addresses for the subnet 210.210.210.0 /25?” As with previous sections, you will use your binary math skills to convert the subnet address and subnet mask into binary. This will allow you to quickly spot the host bits, which are key to answering this question and the broadcast address question. The host bits are those bits set to “0” in the subnet mask.

                                        Octet 1   Octet 2   Octet 3   Octet 4
Subnet Address   210.210.210.0          11010010  11010010  11010010  00000000
Subnet Mask      255.255.255.128 (/25)  11111111  11111111  11111111  10000000

There are three basic rules to remember when determining the subnet address, broadcast address, and range of valid addresses once you’ve identified the host bits as shown above:

1. The address with all 0s for host bits is the subnet address, also referred to as the “all-zeroes” address. This is not a valid host address.

2. The address with all 1s for host bits is the broadcast address, also referred to as the “all-ones” address. This is not a valid host address.

3. All addresses between the all-zeroes and all-ones addresses are valid host addresses, unless the question specifically states otherwise.

You can quickly see that the "all-zeroes" address is 210.210.210.0. What will the value be if those host bits are set to all 1s? Use your knowledge of binary math to determine this! With the seven host bits of the fourth octet set to 1 (01111111 = 127), the "all-ones" address is 210.210.210.127. If you had trouble making that conversion, review Section Two, "Converting Binary To Decimal". This conversion actually answers two different questions. The addresses between the all-zeroes and all-ones addresses, 210.210.210.1 – 210.210.210.126, are the range of valid host addresses, and 210.210.210.127 is the broadcast, or "all-ones", address. The second example question, "What is the broadcast address for the subnet 210.210.210.0 /25?", is answered by using the same method.

Let’s look at another set of examples:

“What is the range of valid IP addresses in the subnet 150.10.64.0 /18?”

“What is the broadcast address of the subnet 150.10.64.0 /18?”

                                        Octet 1   Octet 2   Octet 3   Octet 4
Subnet Address   150.10.64.0            10010110  00001010  01000000  00000000
Subnet Mask      255.255.192.0 (/18)    11111111  11111111  11000000  00000000

If all the host bits are "zeroes", the address is 150.10.64.0, the subnet address itself. This is not a valid host address. If all the host bits are "ones" (the low six bits of the third octet, 01111111 = 127, and the whole fourth octet, 255), the address is 150.10.127.255. That is the broadcast address for this subnet. All addresses between the subnet address and broadcast address are valid host addresses. This gives you the range 150.10.64.1 – 150.10.127.254.

Again, the method used to arrive at the range of valid IP addresses is the same as that used to discover the broadcast address of a given subnet. Let’s take a look at the other question type from the first part of this section:

“Which of the following IP addresses are found on the same subnet as the IP address 210.210.210.130 /25?”

“Which of the following IP addresses are not found on the same subnet as the IP address 210.210.210.130 /25?”

For some subnetting questions, you’re going to have to determine more than one factor before you can give the correct answer. This question looks simple enough on the surface, but to answer this question type correctly, you must determine two things:

1. On what subnet can this address be found?

2. What is the range of valid IP addresses for this subnet?

In the example, you must first determine the subnet address of the IP address in question, which you learned how to do in Section Six:

                                        Octet 1   Octet 2   Octet 3   Octet 4
IP Address       210.210.210.130        11010010  11010010  11010010  10000010
Subnet Mask      255.255.255.128 (/25)  11111111  11111111  11111111  10000000
Boolean AND Result                      11010010  11010010  11010010  10000000

Converting The Boolean AND Into Dotted Decimal:

                128  64  32  16   8   4   2   1   Total
First Octet       1   1   0   1   0   0   1   0   210
Second Octet      1   1   0   1   0   0   1   0   210
Third Octet       1   1   0   1   0   0   1   0   210
Fourth Octet      1   0   0   0   0   0   0   0   128

If all the host bits are 0, the all-zeroes address is 210.210.210.128. If all the host bits are 1, the all-ones address is 210.210.210.255. All addresses between these two are valid. You would now look at the different IP addresses presented by the question and then determine which ones fall in the range 210.210.210.129 – 210.210.210.254 (or which ones don’t, if that’s what the question asks for.)

At first, it seems like a lot of work, but as with all other binary math operations, once you practice it, it will become second nature. This question seems longer to solve because it is, since two operations are needed to solve it. Since you’re well-versed in the fundamentals of binary math, this question will present no problems for you.

“What subnet is the address 200.17.49.200 /23 a member of?” or “On what subnet can the address 200.17.49.200 /23 be found?”

This is one of those question types that often trips up CCNA candidates, because many don't understand the Boolean AND operation, which is the only way to answer this question properly. This segment will review the Boolean AND operation and show you how to use it to solve this question. As with anything else in this subject matter, once you are used to the Boolean AND, everything else of a similar nature tends to be easier.

The Boolean AND is, simply put, a bit-by-bit comparison of the IP address and a subnet mask. In this case, the Boolean AND will reveal the subnet on which this IP address exists. Your knowledge of binary math is key to answering this question type as well, since the address and mask must be broken down into binary in order to perform the Boolean AND.

You must use the skills of “Converting Dotted Decimal To Binary”, to convert the IP address to binary:

                  128  64  32  16   8   4   2   1
1st Octet: 200      1   1   0   0   1   0   0   0
2nd Octet:  17      0   0   0   1   0   0   0   1
3rd Octet:  49      0   0   1   1   0   0   0   1
4th Octet: 200      1   1   0   0   1   0   0   0

The IP address, in binary, is 11001000 00010001 00110001 11001000. Your knowledge of prefix notation tells you that a subnet mask of /23 is 11111111 11111111 11111110 00000000. (The first 23 bits are ones). Now that the IP address and subnet mask have been converted to binary, the subnet on which the IP address resides can be found by performing a Boolean AND. Remember, a Boolean AND is simply a bit by-bit comparison of the address and mask.

               Bit 1  Bit 2  Bit 3  Bit 4  Bit 5  Bit 6  Bit 7  Bit 8
IP Address       1      1      0      0      1      0      0      0    Octet 1
Subnet Mask      1      1      1      1      1      1      1      1    Octet 1
Boolean AND      1      1      0      0      1      0      0      0    Octet 1

Note that where a bit in the same position is “1” in both the IP address and subnet mask, the Boolean AND result is also “1”. Any other combination results in the Boolean AND resulting in “0”. And now that we’ve looked at the Boolean AND being run on a single octet, let’s run it on the entire IP address and subnet mask. This is the chart you should use on exam day to answer this question type:

               Octet 1   Octet 2   Octet 3   Octet 4
IP Address     11001000  00010001  00110001  11001000   200.17.49.200
Subnet Mask    11111111  11111111  11111110  00000000   255.255.254.0 (/23)
Boolean AND    11001000  00010001  00110000  00000000   Result

Once the Boolean AND result is achieved, it has to be converted into dotted decimal. Using your knowledge of converting binary to dotted decimal, you see that the IP address you were given is found on the 200.17.48.0 /23 subnet.

                128  64  32  16   8   4   2   1   Total
First Octet       1   1   0   0   1   0   0   0   200
Second Octet      0   0   0   1   0   0   0   1    17
Third Octet       0   0   1   1   0   0   0   0    48
Fourth Octet      0   0   0   0   0   0   0   0     0

You can now see where the skills you learned in earlier sections come into play in the more complex subnetting questions. When you master the fundamentals of binary math, as you have, you can answer any question Cisco gives you.
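The Boolean AND, all-ones broadcast and valid-host-range steps worked by hand above (for 210.210.210.0 /25, 150.10.64.0 /18, the "same subnet" question and 200.17.49.200 /23), as an added Python example that is not part of the original page. Function and variable names are my own; it uses integer bit operations so each step matches the binary tables, prints the same rows the tables show, and cross-checks the result against Python's standard ipaddress module. It also handles the /31 and /32 case, where the "subtract 2" rule does not apply.

```python
# Added example (not from the original page): the host-bit / Boolean AND method
# for one IPv4 address, done with integer bit operations so every step mirrors
# the binary tables in the text. Names are my own.
import ipaddress  # standard library; used only to cross-check the hand arithmetic


def dotted_to_int(dotted: str) -> int:
    """'200.17.49.200' -> 32-bit integer, validating each octet on the way."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}: {n}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    """32-bit integer -> 'a.b.c.d'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def int_to_binary(value: int) -> str:
    """32-bit integer -> four 8-bit groups, the layout of the tables above."""
    bits = format(value, "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_to_mask(prefix: int) -> int:
    """/23 -> 0xFFFFFE00: the first `prefix` bits set to 1, the rest 0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0..32, got {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(address: str, prefix: int) -> dict:
    """Subnet (all-zeroes), broadcast (all-ones) and valid host range."""
    addr = dotted_to_int(address)
    mask = prefix_to_mask(prefix)
    host_bits = 32 - prefix
    network = addr & mask                        # Boolean AND: host bits forced to 0
    broadcast = network | (~mask & 0xFFFFFFFF)   # OR with the wildcard: host bits forced to 1
    if host_bits >= 2:
        first_host, last_host = network + 1, broadcast - 1
    else:
        # /31 (RFC 3021 point-to-point links) and /32 have no separate
        # all-zeroes/all-ones addresses, so the "subtract 2" rule does not apply.
        first_host, last_host = network, broadcast
    return {
        "network": int_to_dotted(network),
        "mask": int_to_dotted(mask),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(first_host),
        "last_host": int_to_dotted(last_host),
        "host_bits": host_bits,
        "binary": {
            "address": int_to_binary(addr),
            "mask": int_to_binary(mask),
            "and_result": int_to_binary(network),
        },
    }


def same_subnet(address_a: str, address_b: str, prefix: int) -> bool:
    """The 'found on the same subnet' question: equal Boolean AND results."""
    mask = prefix_to_mask(prefix)
    return (dotted_to_int(address_a) & mask) == (dotted_to_int(address_b) & mask)


def cross_check(address: str, prefix: int) -> bool:
    """True when the hand arithmetic agrees with the standard library."""
    info = subnet_info(address, prefix)
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return (info["network"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    # The three worked examples from the text.
    for addr, pfx in (("210.210.210.130", 25), ("150.10.64.0", 18), ("200.17.49.200", 23)):
        info = subnet_info(addr, pfx)
        print(f"{addr}/{pfx}")
        for name, bits in info["binary"].items():
            print(f"  {name:<10} {bits}")
        print(f"  subnet {info['network']}  broadcast {info['broadcast']}  "
              f"hosts {info['first_host']} - {info['last_host']}  "
              f"cross-check {'ok' if cross_check(addr, pfx) else 'MISMATCH'}")
```

Run it as a script to print the three worked examples. The broadcast is computed by OR-ing the wildcard (the inverted mask) into the AND result, which is exactly "set all host bits to 1"; same_subnet answers the membership question by comparing the two AND results instead of the two addresses.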

A /20 mask indicates that the first 20 bits are set to "1", which is expressed in dotted decimal as 255.255.240.0. Determining the number of valid hosts is much like determining the number of valid subnets in the previous section, in that you must first determine how many subnet bits are present. The difference is that when determining the number of valid hosts, it is the number of host bits you're concerned with, rather than the number of subnet bits.

Once the number of host bits is determined, use this formula to arrive at the number of valid hosts:

The number of valid hosts = (2 raised to the power of the number of host bits) – 2

In the example question, there is a Class B network, with a default mask of /16. The subnet mask is /20, indicating there are four subnet bits. Here’s where the difference comes in. There are 16 network bits and 4 subnet bits. That’s 20 out of 32 bits, meaning that there are 12 host bits. 2 to the 12th power is 4096; subtract 2 from that, and there are 4094 valid host addresses.

Writing the masks in binary shows where the host bits lie:

                                      1st Octet  2nd Octet  3rd Octet  4th Octet
Default Network Mask  255.255.0.0     11111111   11111111   00000000   00000000
Subnet Mask           255.255.240.0   11111111   11111111   11110000   00000000

Remember that the bits that are set to "0" in the default mask and "1" in the subnet mask are the subnet bits? The bits that are set to "0" in both masks are the host bits, and that count is the value you need for the valid-hosts formula. Note that 2 is subtracted at the end. What two hosts are being subtracted? The "all-zeroes" and "all-ones" host addresses, which are unusable: the first is the subnet address and the second is the broadcast address. (Older material subtracts 2 from the subnet count as well, discarding the all-zeroes and all-ones subnets; with ip subnet-zero, which is the default on current Cisco IOS, all 2^x subnets are usable, and that is the formula used for the subnet question later in this section.)

How many valid host addresses exist in the 220.11.10.0 /26 subnet?

This is a Class C network, with a default mask of /24. The subnet mask is /26, indicating that there are 2 subnet bits. With 24 network bits and 2 subnet bits, that leaves 6 host bits:

                                        1st Octet  2nd Octet  3rd Octet  4th Octet
Default Network Mask  255.255.255.0     11111111   11111111   11111111   00000000
Subnet Mask           255.255.255.192   11111111   11111111   11111111   11000000

(The last six bits of the fourth octet, set to "0" in both masks, are the host bits.) 2 to the 6th power (2^6) equals 64; subtract 2 from that and 62 valid host addresses remain.

2. How many valid subnets exist on the 192.168.1.100 255.255.255.224 network?

The /27 in question one is called prefix notation and the 255.255.255.224 designation is the dotted decimal mask. Both questions are the same, just written differently.

The /27 indicates how many ones (1s) are at the beginning of this network's mask. 255.255.255.224, or /27, converted to binary is 11111111 11111111 11111111 11100000. One nice little tidbit of information is that the number of network bits never changes. Subnetting always borrows bits from the host bits, ALWAYS!

                            1st Octet  2nd Octet  3rd Octet  4th Octet
Default Class C Network     11111111   11111111   11111111   00000000
This IP's Subnet Mask       11111111   11111111   11111111   11100000

So, the question remains, how many valid subnets exist on the 192.168.1.100/27 network?

By comparison we can determine that a Class C network has 24 network bits and therefore possesses only 8 host bits. On this network, we borrowed (remember) 3 bits from the host bits for our subnet. [The number of valid subnets = 2^x, where x is the number of subnet bits, the bits set to 1 in the subnet mask but 0 in the default mask.] Therefore, 2^3 = 2 x 2 x 2 = 8, which is the number of valid subnets. (That count assumes ip subnet-zero, the default on current Cisco IOS; older material discards the all-zeroes and all-ones subnets and would answer 6.)
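The classful counting procedure from the last three questions (default mask from the address class, subnet bits = prefix minus default, host bits = 32 minus prefix, then 2^x subnets and 2^n - 2 hosts), as an added Python example that is not from the original page. 172.16.0.0 is an assumed Class B address for the /20 question, which the text does not name; all function names are my own. The subnet_zero flag switches between the modern count and the legacy "subtract 2 subnets" rule, and dotted_to_prefix rejects a non-contiguous mask such as 255.0.255.0, which the counting shortcuts on this page would otherwise silently miscount.

```python
# Added example (not from the original page): counting subnet bits, host bits,
# subnets and hosts the classful way the text describes. Names are my own;
# 172.16.0.0 is an assumed Class B example address.


def classful_default_prefix(address: str) -> int:
    """Default mask length from the leading bits of the first octet
    (0xxxxxxx = Class A /8, 10xxxxxx = Class B /16, 110xxxxx = Class C /24)."""
    first = int(address.split(".")[0])
    if first >> 7 == 0b0:
        return 8
    if first >> 6 == 0b10:
        return 16
    if first >> 5 == 0b110:
        return 24
    raise ValueError(f"{address} is Class D or E; no classful default mask")


def prefix_to_dotted(prefix: int) -> str:
    """/20 -> '255.255.240.0'."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> s) & 0xFF) for s in (24, 16, 8, 0))


def is_contiguous_mask(mask: str) -> bool:
    """True for 255.255.255.224; False for a non-contiguous mask like 255.0.255.0."""
    value = 0
    for octet in mask.split("."):
        value = (value << 8) | int(octet)
    ones = bin(value).count("1")
    # A valid mask is exactly `ones` one-bits followed by zero-bits.
    return value == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def dotted_to_prefix(mask: str) -> int:
    """'255.255.255.224' -> 27: the same question written two ways."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return sum(bin(int(o)).count("1") for o in mask.split("."))


def count_subnets_and_hosts(address: str, prefix: int, subnet_zero: bool = True) -> dict:
    """Subnet bits, host bits and the two counts, classful style."""
    default = classful_default_prefix(address)
    if prefix < default:
        raise ValueError(f"/{prefix} is shorter than the class default /{default}: "
                         "that is a supernet, not a subnet")
    subnet_bits = prefix - default          # bits borrowed from the host portion
    host_bits = 32 - prefix                 # bits that are 0 in both masks
    subnets = 2 ** subnet_bits
    if not subnet_zero and subnet_bits > 0:
        subnets -= 2                        # legacy rule: drop all-zeroes and all-ones subnets
    # Subtract the all-zeroes and all-ones host addresses, except on /31 and /32,
    # where there are none to subtract.
    hosts = 2 ** host_bits - 2 if host_bits >= 2 else 2 ** host_bits
    return {
        "default_mask": prefix_to_dotted(default),
        "subnet_mask": prefix_to_dotted(prefix),
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": subnets,
        "hosts_per_subnet": hosts,
    }


if __name__ == "__main__":
    # 172.16.0.0 is an assumed Class B example; the other two are from the text.
    for addr, mask in (("172.16.0.0", "255.255.240.0"),
                       ("220.11.10.0", "255.255.255.192"),
                       ("192.168.1.100", "255.255.255.224")):
        r = count_subnets_and_hosts(addr, dotted_to_prefix(mask))
        print(f"{addr} {mask}: default {r['default_mask']}, {r['subnet_bits']} subnet bits, "
              f"{r['host_bits']} host bits, {r['subnets']} subnets, {r['hosts_per_subnet']} hosts each")
```

The contiguity check matters in practice: a mask like 255.0.255.0 has 16 one-bits, so a naive "count the ones" conversion would report /16 and give a confident, wrong host count.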

As mentioned prior to this, one of the key elements to subnetting is binary, octal, decimal and hexadecimal conversion. While I do like the Sybex Study Guide for CCNA by Todd Lammle, I do believe that with respect to the subnetting aspect there are other, better resources: for example, the Bryant Advantage system, the ICND 1 & 2 Study Guides for CCENT & CCNA by Wendell Odom (especially the Appendices), and Test King (http://www.testking.com/). I am certain that there are others, but I have come to an appreciation and an understanding after these; of course, the CCNA Bootcamp was an extreme help as well!

One trick that has stuck with me is this: key on the first few bits of the first octet of the IP address (e.g., 10.0.0.1, 172.10.120.1, 192.168.1.100, 224.10.10.1 and 240.0.0.100):

10  = 00001010 = A   first four bits 0000-0111
172 = 10101100 = B   first four bits 1000-1011
192 = 11000000 = C   first four bits 1100-1101
224 = 11100000 = D   first four bits 1110
240 = 11110000 = E   first four bits 1111

In other words, Class A begins with a 0 bit, Class B with 10, Class C with 110, Class D with 1110 and Class E with 1111. This is a quick assessment trick that can cut off some time when determining which address class an address belongs to. Of course, it is just as easy to memorize the entire spectrum.

What is the broadcast address for each subnet? The broadcast address is the last address prior to the next subnet. For example, with a block size of 64 (a fourth-octet mask value of 192, i.e. 255.255.255.192, since the block size is 256 minus that value), the subnets start at 0, 64, 128 and 192, so the broadcast addresses are the addresses just before the next starting point: 63, 127, 191 and 255.

What are the valid hosts? The valid hosts are all of the addresses between the subnet and broadcast addresses; with a block size of 64, the valid hosts are 1-62, 65-126, 129-190 and 193-254.
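The "first four bits" class trick and the block-size shortcut above, as an added Python example that is not from the original page; the function names are my own. address_class looks the class up from the top four bits of the first octet using the table just given, enumerate_blocks lists the 0/64/128/192 subnets with their broadcasts and host ranges, and locate applies the block-size shortcut (256 minus the interesting octet of the mask) to find the subnet and broadcast of any address. It reproduces the AND-based answers from earlier in the section, such as 150.10.64.0 /18 and 200.17.49.200 /23, by a different route.

```python
# Added example (not from the original page): the first-four-bits class trick
# and the block-size shortcut for subnet, broadcast and host ranges. Names are
# my own; sample addresses are the ones listed in the text.

# Top four bits of the first octet -> class letter, exactly the table above.
CLASS_BY_HIGH_NIBBLE = {
    **{n: "A" for n in range(0b0000, 0b1000)},   # first four bits 0000-0111
    **{n: "B" for n in range(0b1000, 0b1100)},   # first four bits 1000-1011
    **{n: "C" for n in range(0b1100, 0b1110)},   # first four bits 1100-1101
    0b1110: "D",                                  # first four bits 1110
    0b1111: "E",                                  # first four bits 1111
}


def address_class(address: str) -> str:
    """Class letter from the top four bits of the first octet."""
    first_octet = int(address.split(".")[0])
    return CLASS_BY_HIGH_NIBBLE[first_octet >> 4]


def block_size(mask: str) -> tuple:
    """(index of the interesting octet, block size): 255.255.255.192 -> (3, 64).
    The interesting octet is the first one that is not 255; the block size is
    256 minus its value. A /32 mask has no such octet and gets block size 1."""
    octets = [int(o) for o in mask.split(".")]
    for i, o in enumerate(octets):
        if o != 255:
            size = 256 - o
            # The block must be a power of two and every later octet must be 0;
            # otherwise the mask is not contiguous and the shortcut does not apply.
            if size & (size - 1) or any(octets[i + 1:]):
                raise ValueError(f"{mask} is not a contiguous subnet mask")
            return i, size
    return 3, 1


def enumerate_blocks(mask: str) -> list:
    """Subnet, broadcast and host-range values of the interesting octet for every
    block, in the '0, 64, 128, 192' style of the text."""
    _, size = block_size(mask)
    blocks = []
    for start in range(0, 256, size):
        end = start + size - 1
        if size >= 4:
            first, last = start + 1, end - 1   # drop the all-zeroes and all-ones addresses
        else:
            first, last = start, end           # /31 and /32 blocks have nothing to drop
        blocks.append({"subnet": start, "broadcast": end,
                       "first_host": first, "last_host": last})
    return blocks


def locate(address: str, mask: str) -> dict:
    """Subnet and broadcast of an address by the block-size shortcut: round the
    interesting octet down to a multiple of the block size, zero the octets after
    it for the subnet address, and set them to 255 for the broadcast."""
    octets = [int(o) for o in address.split(".")]
    idx, size = block_size(mask)
    start = (octets[idx] // size) * size
    subnet = octets[:idx] + [start] + [0] * (3 - idx)
    broadcast = octets[:idx] + [start + size - 1] + [255] * (3 - idx)
    return {
        "class": address_class(address),
        "block_size": size,
        "subnet": ".".join(map(str, subnet)),
        "broadcast": ".".join(map(str, broadcast)),
    }


if __name__ == "__main__":
    for addr in ("10.0.0.1", "172.10.120.1", "192.168.1.100", "224.10.10.1", "240.0.0.100"):
        print(f"{addr:<14} first octet {int(addr.split('.')[0]):08b}  class {address_class(addr)}")
    for b in enumerate_blocks("255.255.255.192"):
        print(f"subnet .{b['subnet']:<3} hosts .{b['first_host']}-.{b['last_host']}"
              f"  broadcast .{b['broadcast']}")
    print(locate("150.10.64.0", "255.255.192.0"))
    print(locate("200.17.49.200", "255.255.254.0"))
```

Because the shortcut only ever looks at one octet, it is worth noticing that it silently gives wrong answers for a non-contiguous mask; block_size refuses those up front rather than returning a plausible-looking block.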

I have been debating how to approach this subject of subnetting; there is not much to say other than it really sucks to learn. But once you learn it, it just gets easier and more understandable. Unfortunately, every new subject you learn with which you have no familiarity is going to be absolute hell unless you can pick it up quickly. When I started learning subnetting, and then relearned and re-familiarized myself, I have to admit it was tough and I just was not getting it. But the information superhighway, YouTube, and many other tidbits of information out there in the world can make all the difference. You might not understand what one method teaches, but there is always another method that may take hold in your brain. So, take heart; it may be a roller coaster, but it is our roller coaster. Just keep looking for the method that makes sense to you; it is out there. Below are some references, which are not all-inclusive, as there are a multitude more references for your viewing pleasure.

Youtube, as you probably already know, is an underutilized resource and valuable tool in your arsenal of learning.

Look through these references and videos (you won't need to view all of them, just until you are comfortable), and the other websites. To really prepare yourself for the test (CCENT or CCNA), use the IPv4 subnetting random question generator v1.6, as it will generate random IPv4 subnetting questions for you to practice on (makes it easy for you!)

Also, keep in mind that you will be tested on IPv4 for subnetting, so that is what we will be using. IPv6 is being deployed and you may see it on the test for CCNA, but more likely than not you will not receive test questions on the subnetting of IPv6.